Stronbox website will be moving to https://www.comglobalit.com/en/strongbox/ in the next weeksStrongbox Support Email: strongbox@comglobalit.comSupport Contact: Elias Torres, Comglobal IT S.A.
--
Clonebox website will be moving to Clonebox.net
Clonebox Email: Ray Morris: support@bettercgi.com

Today there are more ways for attackers to share passwords
than ever before. Years ago, webmasters only needed to be
concerned with password sites. Today, there are old fashioned
password sites with links, Yahoo! Groups for sharing passwords,
password message boards, sites with sophisticated ActiveX controls
to circumvent your protection, and many other methods for
password distribution. In today's web environment you need
the protection of the Strongbox security systemtm to keep people from stealing
your bandwidth by using these passwords. In some cases
the Strongbox security systemtm has been able to save webmasters 6 GB per day
in bandwidth used by password traders. The average site
that doesn't use proper security software like the Strongbox security systemtm seems
to be losing about 1 GB per day this way. By eliminating
this theft of service, the Strongbox security systemtm will pay for itself the
first month you use it.

Brute force describes an attack in which many
thousands of possible username/password combinations
are attempted very quickly. This type of attack will
often compromise a site protected with basic username /
password pairs. This is particularly true because hackers
use lists that include very predictable user names such
as admin with thousands of likely passwords.
To prevent a brute force attack from succeeding, the
traditional advice has been to choose long, difficult to guess
(and difficult to remember) user names and passwords such
as 8x!O;9&)>Mej9gC<. Even if all your
subscribers did use such passwords, preventing a compromised
password is not enough. Looking over server
logs, we've seen that failed attacks are fairly common.
Because the attack may or may not compromise any passwords,
the site owner often is none the wiser. But you may notice
a drop in sales or more customer complaints as your
server is significantly overloaded during the course of
an attack. One popular adult web host advised us that
failed brute force attacks regularly
bring servers to their knees. For that reason,
you need to prevent a brute force attack, along with it's effects
on your server, from ever occurring. If it does occur,
you need to keep the attacker from using up all of your
server resources in the process. the Strongbox security systemtm provides both
technology to discourage anyone from even attempting such
an attack and a defense against the crippling overload
if they attack anyway. To be precise, Strongbox uses a
52 bit session ID. If an attacker were to send your
server 100 requests per second, they could expect to correctly
guess one the Strongbox security systemtm session ID after 1,425,000 years of trying.

The Strongbox security systemtm also allows you to link between sites securely.
That is, you can have links in the members section of one domain
that can securely bring your members to the members section
of another domain, which may be on a different server.
You guys with AVS sites know how much of a problem referrer spoofing
has become, so it's no longer wise to have that kind of setup
with just a referrer check.

The Strongbox security systemtm is also designed to allow easy integration of
a script to protect against "slurping", or bulk downloading of
your whole site. While there have always been software programs
that would allow a user with even a short term trial membership
to download your whole site, this functionality is now built in
to major browsers such as IE. In the worst case, after the thief
downloads your whole site with the click of a button they will
change the referral links and upload the copy to their own server,
effectively stealing your business. I can't imagine the uproar
there would be if this happened in the offline world - somebody
breaking into a store, stealing all of the merchandise, the display
racks, signs, etc. and using it all to open an identical store
across the street. Yet, many webmasters allow this to happen
to them and don't do anything to prevent it. With the Strongbox security systemtm,
you can choose from several techniques for
detecting the slurping and then ask the Strongbox security systemtm to kick that user out.
If they want to look at the rest of your content next month,
they'll have to keep their membership current, rather than
having a copy on their hard drive.

This module provides reports of the most active users
over any chosen time period, the most active
usernames, etc. You can look up any username to
see the exact times, dates, and IPs when they logged
in to your site. You can also see what the Strongbox security systemtm determined
about the attempted logins. If a username or IP range
is suspended or disabled you'll be able to see exactly why.
This is also helpful with users who claim to have never used
your site and ask for a refund. More than once the Strongbox security systemtm
webmaster has had a hearty laugh as they emailed a user
a complete record of the 22 times the person "used" the site
over the last 5 weeks. The users generally apologize
and comment on how much they really do like the site.
This module also shows any errors that may have occurred,
to help in resolving customer complaints.
You can see some of what it provides in the screenshots.

Each day, our bettercgi.com spider analyzes all known
password sites, retrieving tens of thousands of compromised
passwords. As a subscriber to our proactive spider service,
your system will be notified immediately when one of
your passwords is posted on a password site. The Strongbox security systemtm will
then disable that password even before anyone is able to
use it to access your site. Just as when anything else of
note occurs, our system will also email you to let you know
which username was found posted on which password sites.
This optional service is only $5 per month.